<?php
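// Bulk-update endpoint for the `User` table.
//
// For each index i = 0, 1, 2, ... for which POST field "key<i>" exists, runs
//   UPDATE User SET <datafield<i>> = <value<i>> WHERE <keyfield<i>> <operator<i>> <key<i>>
// "operator<i>" is optional and defaults to "=". Column names and operators
// must match the allow-lists below exactly; values are bound as parameters.
//
// NOTE(review): nothing in this file authenticates or authorises the caller, and
// there is no CSRF token check. Anyone who can reach this script can rewrite any
// row of User, including the Password column. Confirm an access check is applied
// before this code runs (include wrapper, web-server rule), or add one here.
//
// NOTE(review): the database user name and password are hard-coded in the
// connect call. Move them to configuration kept outside the web root and the
// repository, and rotate the current password.
//
// NOTE(review): the Password column receives the value exactly as posted. If it
// holds login passwords, they should be hashed with password_hash() before
// storage. Confirm against the code that verifies logins before changing this.
$startTime = microtime(TRUE);

// Make mysqli throw on failure on every PHP version, so an error cannot be
// ignored by accident (older PHP versions default to silent failure).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    $con = mysqli_connect("localhost", "softbos", "developer", "Logins");
    mysqli_set_charset($con, "utf8");
} catch (mysqli_sql_exception $e) {
    // Keep driver detail in the server log; the client gets a generic message.
    // The original printed the driver error and then carried on without a
    // usable connection.
    error_log('Failed to connect to MySQL: ' . $e->getMessage());
    http_response_code(500);
    die('Failed to connect to MySQL');
}

// Updatable columns and the bind type used for each ("i" integer, "s" string).
// This replaces the former per-column quote table: Id used to be interpolated
// without quotes, so escaping alone did not confine the posted text to a
// literal. Binding removes the dependency on quoting altogether.
$columnTypes = array("Id" => "i", "Nick" => "s", "Password" => "s");

// Operators accepted between the key column and the bound key value.
// NOTE(review): the list is kept as published. Several entries do not form a
// valid single-operand comparison and now fail at prepare time, and the list as
// a whole lets one request address many rows at once. Narrow it to what the
// callers actually need.
$allowedOperators = array("=","<",">",">=","<=","!=","<>","!","&","~","|","^",">>","<<","<=>","XOR","NOT","LIKE","NOT LIKE","AND","OR","&&","||","BETWEEN","REGEXP","NOT REGEXP");

$i = 0;
while (isset($_POST['key' . $i])) {
    $rowIsValid = true;

    // Every per-row field must be present and a plain string (PHP turns
    // "name[]=..." into an array, which must not reach the query builder).
    foreach (array('key', 'value', 'datafield', 'keyfield') as $name) {
        if (!isset($_POST[$name . $i]) || !is_string($_POST[$name . $i])) {
            $rowIsValid = false;
        }
    }

    $operator = isset($_POST['operator' . $i]) ? $_POST['operator' . $i] : '=';

    if ($rowIsValid) {
        $datafield = $_POST['datafield' . $i];
        $keyfield  = $_POST['keyfield' . $i];
        $value     = $_POST['value' . $i];
        $key       = $_POST['key' . $i];

        // Strict allow-list checks. The original used array_search() and then
        // indexed with its result, so an unknown name returned false, which
        // indexes as 0 and silently became "Id" / "=". Unknown input is now
        // rejected instead of being rewritten into a different query.
        $rowIsValid = array_key_exists($datafield, $columnTypes)
            && array_key_exists($keyfield, $columnTypes)
            && is_string($operator)
            && in_array($operator, $allowedOperators, true);
    }

    if ($rowIsValid && $columnTypes[$datafield] === 'i') {
        // Integer columns only accept integer literals.
        $value = filter_var($value, FILTER_VALIDATE_INT);
        $rowIsValid = ($value !== false);
    }

    if ($rowIsValid && $columnTypes[$keyfield] === 'i') {
        $key = filter_var($key, FILTER_VALIDATE_INT);
        $rowIsValid = ($key !== false);
    }

    if (!$rowIsValid) {
        // Rows before this one have already been applied, as in the original.
        if (!headers_sent()) {
            http_response_code(400);
        }
        die("Error: invalid parameters in row $i");
    }

    // Only allow-listed identifiers and operators are interpolated; both data
    // values travel as bound parameters.
    $sql = "UPDATE User SET `$datafield` = ? WHERE `$keyfield` $operator ?";

    try {
        $stmt = mysqli_prepare($con, $sql);
        mysqli_stmt_bind_param($stmt, $columnTypes[$datafield] . $columnTypes[$keyfield], $value, $key);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    } catch (mysqli_sql_exception $e) {
        // Driver messages can reveal schema details, so they are logged
        // server-side and not returned to the client.
        error_log('UPDATE failed for row ' . $i . ': ' . $e->getMessage());
        if (!headers_sent()) {
            http_response_code(500);
        }
        die('Error: update failed');
    }

    // Echo the statement template only, HTML-escaped. The original echoed the
    // full statement, posted values included, straight into the HTML response.
    echo htmlspecialchars($sql, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '<br/>';
    $i++;
}

mysqli_close($con);
echo "Processed $i UPDATE query(ies) in " .(microtime(TRUE) - $startTime)."sec <br/>";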
?> 
